Appendix D: Integration with AWS Direct Connect

Customers have different options for connecting on-premises networks to the transit VPC. A common approach is to manually configure the CSR instances with point-to-point VPN or DMVPN connections over the Internet.

Another approach is to leverage a detached virtual private gateway (VGW) to conceptually attach a VGW to a data center. In this approach, a customer creates a VGW, then adds a spoke VPC tag (default tag key transitvpc:spoke, default tag value true) without attaching the VGW to a specific VPC. This will cause the VGW to be automatically connected to the transit VPC CSR instances, which will start broadcasting any routes they have learned to the new VGW. Then, to connect the VGW to remote networks, associate it with an AWS Direct Connect virtual interface or create a standard VGW VPN connection. Once a virtual interface or VPN connection is connected to the VGW, the VGW will start broadcasting any routes that it learned from the CSR instances over the remote connection, as depicted in the following diagram.

Note

We recommend that you use a different Border Gateway Protocol (BGP) Autonomous System Number (ASN) between your corporate data center and the customer gateway than you use for the transit VPC network. This will allow routes to be more easily propagated between your data center and your spoke VPCs.

Figure 6: Connecting to remote networks

This is the recommended approach for customers who have up to 1 Gbps AWS Direct Connect connections. For larger AWS Direct Connect connections, we recommend establishing tunnels directly to the transit VPC CSR instances over either a public or private VIF.
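
Because a VGW that carries the spoke tag is connected to the transit VPC CSR instances automatically, it is useful to audit which detached VGWs carry that tag. The following Python is an added example, not part of the AWS solution; it runs over constructed data shaped like the JSON output of aws ec2 describe-vpn-gateways, and the gateway IDs, the approved_ids allowlist and the exact-match tag comparison are assumptions.

```python
# Added example: find detached VGWs that carry the transit VPC spoke tag.
# Field names follow the EC2 DescribeVpnGateways response; all data is constructed.
SPOKE_TAG_KEY = "transitvpc:spoke"   # default tag key stated on the page
SPOKE_TAG_VALUE = "true"             # default tag value stated on the page


def is_spoke_tagged(vgw, key=SPOKE_TAG_KEY, value=SPOKE_TAG_VALUE):
    """True if the VGW carries the spoke tag (exact match is an assumption)."""
    return any(t.get("Key") == key and t.get("Value") == value
               for t in vgw.get("Tags", []))


def is_detached(vgw):
    """True if no VPC attachment is in the attaching or attached state.

    A VGW that was once attached still lists the attachment with State
    'detached', so an empty VpcAttachments list is not the only detached case.
    """
    return not any(a.get("State") in ("attaching", "attached")
                   for a in vgw.get("VpcAttachments", []))


def audit_detached_spokes(describe_output, approved_ids):
    """Return (approved, unexpected) IDs of detached, spoke-tagged VGWs."""
    approved, unexpected = [], []
    for vgw in describe_output.get("VpnGateways", []):
        if vgw.get("State") in ("deleting", "deleted"):
            continue  # gateway is going away; nothing left to review
        if is_spoke_tagged(vgw) and is_detached(vgw):
            vgw_id = vgw["VpnGatewayId"]
            (approved if vgw_id in approved_ids else unexpected).append(vgw_id)
    return approved, unexpected


SPOKE = [{"Key": SPOKE_TAG_KEY, "Value": "true"}]
SAMPLE = {"VpnGateways": [  # constructed sample, placeholder IDs
    {"VpnGatewayId": "vgw-0aaa", "State": "available", "VpcAttachments": [], "Tags": SPOKE},
    {"VpnGatewayId": "vgw-0bbb", "State": "available", "Tags": SPOKE,
     "VpcAttachments": [{"VpcId": "vpc-0111", "State": "detached"}]},
    {"VpnGatewayId": "vgw-0ccc", "State": "available", "Tags": SPOKE,
     "VpcAttachments": [{"VpcId": "vpc-0222", "State": "attached"}]},
    {"VpnGatewayId": "vgw-0ddd", "State": "available", "VpcAttachments": [],
     "Tags": [{"Key": SPOKE_TAG_KEY, "Value": "false"}]},
    {"VpnGatewayId": "vgw-0eee", "State": "deleted", "VpcAttachments": [], "Tags": SPOKE},
]}

if __name__ == "__main__":
    ok, bad = audit_detached_spokes(SAMPLE, approved_ids={"vgw-0aaa"})
    print("approved detached spokes:  ", ok)
    print("unexpected detached spokes:", bad)
```

An unexpected ID here is a gateway that has joined the transit network and is receiving its routes without being on the reviewed list of data center connections.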
